The following Nabuu cheat sheet aims to explain what Naabu is, what it does, and how to install it and use it by providing Nabuu command examples in a cheat sheet style documentation format.

What is Naabu?

Naabu is a simple port scanner written in Golang by Project Discovery, with a goal of being simple and fast.

Naabu vs Nmap

Why use Naabu over Nmap, the primary reason for me personally is the automatic IP deduplication. Meaning, when performing subdomain or domain enumeration of a target organisation, and you feed Naabu an input file of domain or subdomain it will resolve them and only scan unique IP addresses, so you are not wasting time and resources scanning the same target IP address twice.

Naabu Cheat Sheet

What does Naabu do:

  • Host discovery
  • Automatic IP Deduplication for DNS port scan
  • Port discovery / enumeration
  • SYN/CONNECT/UDP probe based scanning
  • Passive port scanning via Shodan
  • Performs IPv4/IPv6 port scanning
  • Can be configured to call Nmap to run NSE scripts post port detection
  • Multiple input support - STDIN/HOST/IP/CIDR/ASN
  • Multiple output format support - JSON/TXT/STDOUT

Download & Install Naabu

You can obtain Naabu via the Project Discovery Github.

Naabu Linux Install

go install -v github.com/projectdiscovery/naabu/v2/cmd/[email protected]

Kali

Kali has a package for Naabu (caveat, it may not be the latest version):

sudo apt install naabu

Naabu File Input Options

Naabu input options, allowing Naabu to read and proccess data from input files.

Command Description
-host string[] hosts to scan ports for (comma-separated)
-list, -l string list of hosts to scan ports (file)
-exclude-hosts, -eh string hosts to exclude from the scan (comma-separated)
-exclude-file, -ef string list of hosts to exclude from scan (file)

Naabu Port Options

Command Description
-port, -p string ports to scan (80,443, 100-200
-top-ports, -tp string top ports to scan (default 100)
-exclude-ports, -ep string ports to exclude from scan (comma-separated)
-ports-file, -pf string list of ports to exclude from scan (file)
-exclude-cdn, -ec skip full port scans for CDN's (only checks for 80,443)

Nabu Rate Limiting

Command Description
-c int general internal worker threads (default 25)
-rate int packets to send per second (default 1000)

Naabu Scan Output Options

Command Description
-o, -output string file to write output to (optional)
-json write output in JSON lines format
-csv write output in csv format

Naabu Configuration Options

Command Description
-scan-all-ips, -sa scan all the IP's associated with DNS record
-scan-type, -s string type of port scan (SYN/CONNECT) (default "s")
-source-ip string source ip
-interface-list, -il list available interfaces and public ip
-interface, -i string network Interface to use for port scan
-nmap invoke nmap scan on targets (nmap must be installed) - Deprecated
-nmap-cli string nmap command to run on found results (example: -nmap-cli 'nmap -sV')
-r string list of custom resolver dns resolution (comma separated or from file)
-proxy string socks5 proxy
-resume resume scan using resume.cfg
-stream stream mode (disables resume, nmap, verify, retries, shuffling, etc)

Naabu Optimization Options

Command Description
-retries int number of retries for the port scan (default 3)
-timeout int millisecond to wait before timing out (default 1000)
-warm-up-time int time in seconds between scan phases (default 2)
-ping ping probes for verification of host
-verify validate the ports again with TCP verification

Naabu Debug Options

Command Description
-debug display debugging information
-verbose, -v display verbose output
-no-color, -nc disable colors in CLI output
-silent display only results in output
-version display version of naabu
-stats display stats of the running scan
-si, -stats-interval int number of seconds to wait between showing a statistics update (default 5)

Naabu Example Command Options

The following are real world examples of Naabu commands.

Naabu Scan All Ports

naabu -p 0-65535

Naabu Input File, Fast Scan + Verify Port 21

cat 21.txt | ~/go/bin/naabu -verify -ec -rate 9000 -retries 1 -p 21 -warm-up-time 0 -c 50 -silent -o ftp.txt

Naabu Fast Scan, Verify, Nmap Services

Naabu input file, scan all ports, output to text, fast scan, verify open ports, use Nmap to perform service enumeration

naabu -list subdomains.txt -verify -ec -rate 9000 -retries 1 -p 0-65535 -warm-up-time 0 -c 50 -nmap-cli "nmap -sV -oG nmap-naabu-out" -silent -o naabu-full.txt

If you found this Naabu cheat sheet useful, please share it below.